> -----Original Message-----
> From: Niels [mailto:zorglub_olsen@xxxxxxxxxxx]
> Sent: Thursday, May 12, 2005 10:50 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: [squid-users] RE: How do I hide port 3128?
>
>
> Chris Robertson wrote:
>
>> Something like:
>>
>> iptables -A INPUT -i eth0 --dport 3128 -j REJECT
>>
>> (assuming that you are using eth0) should do it. If the box is acting as
>> a gateway, then add the same rule for each ethernet interface.
>>
>> Chris
>
>
> Thank you for your suggestion. I should have said: I've already tried this,
> but nmap will then show
>
> 3128/tcp filtered squid-http
>
> which still tells the users that a Squid is running. This also happens with
> DROP. And what's worse, it blocks the use of Squid, even though I state "-i
> eth1". Possibly I'm using Iptables incorrectly, I'll keep trying.
>
> I think you need to state the protocol like this: "-p tcp" when you use
> dport.
>
>
> //Niels

Here's another possibility...

Change your iptables rule to

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 127.0.0.1:3128

and have squid only listen on the loopback interface ("http_port 127.0.0.1:3128" in squid.conf).

Would that work? I haven't done much with nat in quite a while, so I'm not sure if you can NAT to lo.

Chris
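The loopback-only approach in the reply above only hides the port if Squid really binds to 127.0.0.1 and nothing else; a stray "http_port 3128" line, or a second Squid instance, puts the listener back on every interface and nmap sees it again. The following script is an added example, not part of the thread, that audits the listener table for that condition. It assumes the Linux "ss -tln" output format (state, queues, local address:port, peer address:port) and the default port 3128 from the thread; a constructed sample of that output is embedded so the script runs offline, and the live check is a one-line pipe at the end. Two caveats worth knowing when trying the DNAT-to-loopback rule itself: on Linux 3.6 and later, packets DNATed to 127.0.0.1 in PREROUTING are discarded unless the sysctl net.ipv4.conf.<iface>.route_localnet is set to 1, and the more common way to intercept port 80 is the REDIRECT target, which rewrites to the primary address of the incoming interface rather than to 127.0.0.1.

```shell
#!/bin/sh
# Added example (not from the squid-users thread): report listeners on the
# Squid port that are bound to anything other than the loopback address.

SQUID_PORT=3128   # assumption: the default port discussed in the thread

# Constructed sample of `ss -tln` output. The second LISTEN line is the
# misconfiguration we want to catch: Squid bound to 0.0.0.0 as well as lo.
SAMPLE_LISTENERS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       1024    0.0.0.0:3128        0.0.0.0:*
LISTEN  0       1024    127.0.0.1:3128      0.0.0.0:*'

# Constructed sample of a correct configuration: port 3128 only on 127.0.0.1.
SAMPLE_LISTENERS_OK='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       1024    127.0.0.1:3128      0.0.0.0:*'

# exposed_listeners PORT  (reads `ss -tln` output on stdin)
# Prints every local address listening on PORT that is not loopback.
# Returns 0 when none is found (port is loopback-only or not open at all),
# 1 when the port is reachable on some other address.
exposed_listeners() {
    port="$1"
    found=$(awk -v p="$port" '
        $1 == "LISTEN" {
            # field 4 is "address:port"; IPv6 addresses contain ":" too,
            # so take the port as the text after the last colon
            n = split($4, a, ":")
            if (a[n] != p) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr != "127.0.0.1" && addr != "[::1]" && addr != "::1") print addr
        }')
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# check_sample TEXT: run the audit over an embedded sample instead of the live host.
check_sample() {
    printf '%s\n' "$1" | exposed_listeners "$SQUID_PORT"
}

# Demonstration on the constructed samples (the live system is not touched).
echo "Sample 1: non-loopback listeners on port $SQUID_PORT:"
check_sample "$SAMPLE_LISTENERS" || echo "-> Squid is reachable from outside; fix http_port"
echo "Sample 2: non-loopback listeners on port $SQUID_PORT:"
check_sample "$SAMPLE_LISTENERS_OK" && echo "-> none; port $SQUID_PORT is loopback-only"

# Live check on a real host (requires iproute2):
#   ss -tln | exposed_listeners "$SQUID_PORT" || echo "Squid port exposed"
```

The awk filter keys on the last colon-separated component so it copes with IPv6 listeners such as "[::]:3128", which would also be visible to a scanner; an IPv6 wildcard bind is reported as "[::]" and counts as exposed.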